Information Security Courses

Information Security Training

Who is Keeping Your Information Secure?

As more and more confidential information is stored and processed electronically, the risk of unauthorized access is on the rise. Data breaches and attacks make protection critical.

At New Horizons Kuwait City, our information security training programs are designed to ensure your organization is at a significantly reduced risk of an information breach and also minimizes negative impacts should a breach occur.

Information Security courses and certification are primarily created by vendor-neutral vendors such as CompTIA, (ISC)² and EC-Council. These organizations are committed to setting strict security standards that any organization can implement. Earning certifications from these vendor-neutral organizations is an ideal way to prove your skill and knowledge to your employer. We offer information security training and certification from the following vendors:

Information Security Certifications

CompTIA Security+

CompTIA Security+ training from New Horizons Kuwait City provides an excellent introduction to the security field and is typically a better entry point than jumping right into an advanced security program. With Security+, you’ll build a solid foundation of knowledge that you can build upon—helping you advance your career in the months and years to come.

Whether your goal is to become Security+ certified for your job, to prove your basic knowledge of security concepts or to gain more knowledge to secure your network, expert training from New Horizons is the perfect solution.

Security+ certification candidates must pass one exam. Although not required, it is strongly recommended that candidates possess their A+ and Network+ Certifications.

Target Audience

This course is intended for students wishing to prepare for the CompTIA Security+ Certification Exam. The qualification is aimed primarily at networking professionals, but because security is vital to all levels and job roles within an organization, it will also benefit PC support analysts, application developers and senior managers in accounting, sales, product development
and marketing.

At Course Completion

Upon successful completion of this course, students will learn:

Identify network attack strategies and defenses

Understand the principles of organizational security and the elements of effective security policies

CompTIA Social Media Security Professional (SMSP)

Certified SMSPs are an organization's first line of defense from social media security attacks, and New Horizons Kuwait City offers the training needed to acquire this important new security certification.

The SMSP certification designates professionals with demonstrated knowledge of the technical composition of social networking platforms and skills to effectively mitigate risks in order to safeguard organizations' critical information from social media hackers.

SMSP professionals have the skills necessary to anticipate attacks and guard sensitive information from social media hackers, and, in the event of a breach, have tools to quickly respond to security incidents. SMSPs have proven competency to help guide organization's social media personnel security policy.

In order to receive the CompTIA Social Media Security Professional Certification (SMSP) Certification, you must past one exam:

Target Audience

The SMSP certification is ideal for individuals who work with social media solutions and have experience in the cyber security space, or Chief Information Security Officers (CISO), Chief Information Officers (CIO) or other roles responsible for developing social media usage policies and education programs for end users.

The CompTIA Social Media Security Professional Certification course is the first step for Network technicians, Security administrators, Security architect, Security engineers and Network administrators to prepare for the certification exam.

About (ISC)2

(ISC)2 is a global non-profit organization whose primary goal is to help educate and certify Information Security professionals world-wide. Earning your (ISC)2 certifications is an excellent way to establish your knowledge and credibility.

Read descriptions of each of the (ISC)2 certifications and associated training below:

CAP - Certified Authorization Professional

The Certified Authorization Professional (CAP) certification is an objective measure of the knowledge, skills and abilities required for personnel involved in the process of authorizing and maintaining information systems. Specifically, this credential applies to those responsible for formalizing processes used to assess risk and establish security requirements and documentation. Their decisions will ensure that information systems possess security commensurate with the level of exposure to potential risk, as well as damage to assets or individuals.

Certified Information Systems Security Professional (CISSP)

New Horizons is proud to be able to provide training to assist you in preparation for the CISSP Information Security Certification exam. The CISSP certification is a globally recognized information security certification governed and bestowed by the International Information Systems Security Certification Consortium, also known as (ISC)2. It was the first information security credential accredited by the international ANSI ISO/IEC Standard 17024:2003.

Information Systems Security Management Professional (ISSMP)

This concentration requires that a candidate demonstrate two years of professional experience in the area of management, considering it on a larger enterprise-wide security model. This concentration contains deeper managerial elements such as project management, risk management, setting up and delivering a security awareness program, and managing a Business Continuity Planning program. A CISSP-ISSMP establishes, presents and governs information security programs demonstrating management and leadership skills. Typically the CISSP-ISSMP certification holder or candidate will be responsible for constructing the framework of the information security department and define the means of supporting the group internally.

Information Systems Security Architecture Professional (ISSAP)

CISSP-ISSAP requires a candidate to demonstrate two years of professional experience in the area of architecture and is an appropriate credential for Chief Security Architects and Analysts who may typically work as independent consultants or in similar capacities. The architect plays a key role within the information security department with responsibilities that functionally fit between the C-suite and upper managerial level and the implementation of the security program. He/she would generally develop, design, or analyze the overall security plan. Although this role may typically be tied closely to technology this is not necessarily the case, and is fundamentally the consultative and analytical process of information security.

Information Systems Security Engineering Professional (ISSEP)

This concentration was developed in conjunction with the U.S. National Security Agency (NSA) providing an invaluable tool for any systems security engineering professional. CISSP-ISSEP is the guide for incorporating security into projects, applications, business processes, and all information systems. Security professionals are hungry for workable methodologies and best practices that can be used to integrate security into all facets of business operations. The SSE model taught in the IATF portion of the course is a guiding light in the field of information security and the incorporation of security into all information systems.

About EC-Council

The International Council of Electronic Commerce Consultants (EC-Council) is a long-standing professional certification organization for IT Professionsals. The EC-Council's goal is to provide support for individuals who create and maintain security and IT systems.

Read descriptions of each of the EC-Council certifications and associated training below:

Certified Ethical Hacker (CEH)

Certified Ethical Hacker training and certification at New Horizons will help you learn to stop hackers by thinking and acting like one. The CEH training immerses students in an interactive environment where they will learn how to scan, test, hack, and secure their own systems. Students then learn how intruders escalate privileges and what steps can be taken to secure a system.

The CEH certification will fortify the application knowledge of security officers, auditors, security professionals, site administrators and anyone who is concerned about the integrity of the network infrastructure.

Computer Hacking Forensic Investigator (CHFI)

The CHFI certification from EC-Council is an advanced certification for forensic network security investigators. As cybercrime has increased, the need for computer forensic investigators has grown dramatically. CHFI certified candidates may investigate invasion or theft of intellectual property, misuse of IT systems and violations of corporate IT usage policies.

The CHFI course will give participants the necessary skills to identify an intruder's footprints and to properly gather the necessary evidence to prosecute. Many of today's top tools of the forensic trade will be taught during this course, including software, hardware and specialized techniques. The need for businesses to become more efficient and integrated with one another, as well as the home user, has given way to a new type of criminal, the "cyber-criminal."

Licensed Penetration Tester (LPT)

EC-Council’s Licensed Penetration Tester (LPT) certification is a natural evolution and extended value addition to its series of security related professional certifications. The LPT standardizes the knowledge base for penetration testing professionals by incorporating best practices followed by experienced experts in the field.

While the Certified Ethical Hacker certification exposes the learner to hacking tools and technologies, the Certified Security Analyst course takes it a step further by exploring how to analyze the outcome from these tools and technologies. Through groundbreaking network penetration testing training methods and techniques, this pen testing computer security certification helps students perform the intensive assessments required to effectively identify and mitigate risks to the information security of the infrastructure.

About IACRB

The Information Assurance Certification Review Board (IACRB) is an industry standard organization formed and organized for Information Security professionals. All IACRB certifications require not only a traditional exam but also require a hands-on practical exam to verify knowledge.

Read descriptions of each of the IACRB certifications and associated training below:

Certified Computer Forensics Examiner (CCFE)

The Certified Computer Forensics Examiner (CCFE) tests a candidate's fundamental knowledge of the computer forensics evidence recovery and analysis process. Candidates are evaluated on their relevant knowledge of both hard and soft skills. Candidates will be tested on soft skills; they must prove that they have the requisite background knowledge of the complex legal issues that relate to the computer forensics field. Candidates' hard skills are vetted via a comprehensive practical examination that is given to candidates that pass the online multiple choice exam. Only candidates that complete both the online multiple choice exam and the practical exam are granted active CCFE certification status.

This in-depth course teaches you advanced computer forensics. This course is intended for those that have either taken the InfoSec Institute Computer Forensics Boot Camp, or have experience in the computer forensic profession.

Certified Data Recovery Professional (CDRP)

The Certified Data Recovery Professional (CDRP) tests a candidate's fundamental knowledge of data recovery. Candidates must have the skills to successfully recover data from damaged or partially destroyed hard drives, sold state media and removable media. In addition to physical data recovery concepts tested, students must know how to perform logical recovery on common operating systems.

Certified Reverse Engineering Analyst (CREA)

In any hands on reverse engineer training course, it is important to have the opportunity to prove to current or potential employers that you have the skills you say you do. This course prepares you for the top reverse engineering certification in the industry, the CREA.

Certified SCADA Security Architect (CSSA)

The CSSA determines if a candidate possesses adequate knowledge to properly secure a SCADA system. It is designed to be relevant for power transmission, oil and gas and water treatment industries. The CSSA certification provides professionals with an objective measure of competence as well as a recognizable standard of achievement. The CSSA credential is ideal for industrial network administrators and their managers, as well as IT professionals and their managers.

Students will gain homeland security skills, by learning to assess and secure SCADA systems. This course covers everything from field based attacks to automated vulnerability assessments for SCADA networks.

Certified Web App Penetration Tester (CWAPT)

The CWAPT certification is designed to certify that candidates have working knowledge and skills in relation to the field of web application penetration testing.

About ISACA

ISACA is an independent, non-profit global association founded in 1969 to provide guidance and benchmarks for information systems and risk management.

Read descriptions of each of the ISACA certifications and associated training below:

Certified in Risk and Information Systems Control (CRISC)

CRISC is the only certification that prepares and enables IT professionals for the unique challenges of IT and enterprise risk management, and positions them to become strategic partners to the enterprise.

CRISC is designed for IT professionals who have hands-on experience with risk identification, assessment, and evaluation; risk response; risk monitoring; IS control design and implementation; and IS control monitoring and maintenance.

Certified in the Governance of Enterprise IT (CGEIT)

CGEIT recognizes a wide range of professionals for their knowledge and application of enterprise IT governance principles and practices. As a CGEIT certified professional, you demonstrate that you are capable of bringing IT governance into an organization-that you grasp the complex subject holistically, and therefore, enhance value to the enterprise.

CGEIT is specifically developed for IT and business professionals who have a significant management, advisory, or assurance role relating to the governance of enterprise IT.

Certified Information Systems Auditor (CISA)

The CISA designation is a globally recognized certification for IS audit control, assurance and security professionals. Being CISA-certified showcases your audit experience, skills and knowledge, and demonstrates you are capable to manage vulnerabilities, ensure compliance and institute controls within the enterprise.

In this course students will perform evaluations of organizational policies, procedures and processes to ensure that an organization's information systems align with overall business goals and objectives. This course is aligned to the objectives established by Information Systems Audit and Control Association (ISACA) for the CISA exam.

What is Penetration Testing?

A penetration test subjects a system or a range of systems to real life security tests. The benefit of a complete penetration suite compared to a normal vulnerability scan system is to reach beyond a vulnerability scan test and discover different weaknesses and perform a much more detailed analysis. The user can perform specified attacks in high detail depending on his specific choices and needs. This is normally done via the many advanced techniques and utilities of a security consultant.

Penetration Testing Compared to Vulnerability Scanning

The advantage of a penetration test compared with an automated vulnerability scan is the involvement of the human element versus automated systems. A human can do several attacks based on skills, creativity. and information about the target system that an automated scanning can not do.

Several techniques like social engineering can usually be done by humans alone since it requires physical techniques that have to be performed by a human and is not covered by an automated system.

Advance your Information Security knowledge and become a specialist in Penetration Testing with training from New Horizons Kuwait City.

Core Classes

Specialization - select one

The Penetration Test Process

Discovery: The Penetrator performs information discovery via a wide range of techniques—that is, whois databases, scan utilities, Google data, and more—in order to gain as much information about the target system as possible. These discoveries often reveal sensitive information that can be used to perform specific attacks on a given machine.

Enumeration: Once the specific networks and systems are identified through discovery, it is important to gain as much information possible about each system. The difference between enumeration and discovery depends on the state of intrusion. Enumeration is all about actively trying to obtain usernames as well as software and hardware device version information.

Vulnerability Identification: The vulnerability identification step is a very important phase in penetration testing. This allows the user to determine the weaknesses of the target system and where to launch the attacks.

Exploitation and Launching of Attacks: After the vulnerabilities are identified on the target system, it is then possible to launch the right exploits. The goal of launching exploits is to gain full access of the target system.

Denial of Service: A DOS (Denial of Service) test can be performed to test the stability of production systems in order to show if they can be crashed or not. When performing a penetration test of a preproduction system, it is important to test its stability and how easily can it be crashed. By doing this, its stability will be ensured once it is deployed into a real environment.

It is important to perform DOS testing to ensure the safeness of certain systems. If an attacker takes down your system during busy or peak hours, both you and your customer can incur a significant financial loss.

Reporting: After the completion of the penetration test, it is important to get user-customized reporting suites for a technical and/or management overview. This includes the executive summary, detailed recommendations to solve the identified vulnerabilities, and official security ID numbers for the vulnerabilities. The reports come in different formats such as html, pdf, and xml. Furthermore, all the reports are open to be modified as of the user’s choice.